CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-50959 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-50959
31 Mar 2024 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. IBM Cloud Pak para automatización empresarial 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1 y 23.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/275938 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 0CVE-2023-40691 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40691
18 Dec 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805. IBM Cloud Pak para automatización empresarial 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1 y 22.0.2 pueden revelar información confidencial contenida en la configuraci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264805 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 14EXPL: 0CVE-2023-35024 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2023-35024
14 Oct 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. IBM Cloud Pak para Automatización Empresarial 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/258349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 61EXPL: 0CVE-2023-32339 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-32339
27 Jun 2023 — IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587. • https://https://www.ibm.com/support/pages/node/6998727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 0CVE-2023-22860 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22860
27 Feb 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2021-29872
https://notcve.org/view.php?id=CVE-2021-29872
18 Jan 2022 — IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228. IBM Cloud Pak for Au... • https://exchange.xforce.ibmcloud.com/vulnerabilities/206228 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4325
https://notcve.org/view.php?id=CVE-2020-4325
02 Apr 2020 — The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596. La API REST de Global Teams del IBM Proc... • https://exchange.xforce.ibmcloud.com/vulnerabilities/177596 • CWE-404: Improper Resource Shutdown or Release •